Download the PHP package xeroapi/xero-php-oauth2 without Composer

xero-php-oauth2

The xero-php-oauth2 SDK makes it easy for developers to access Xero's APIs in their PHP code, and build robust applications and software using small business & general ledger accounting data.

Table of Contents

• API Client documentation
• Sample Applications
• Xero Account Requirements
• Installation
• Authentication
• Configuration
• Custom Connections
• API Clients
• SDK conventions
• Contributing

API Client documentation

This SDK supports full method coverage for the following Xero API sets:

Sample Applications

Sample apps can get you started quickly with simple auth flows and advanced usage examples.

Xero Account Requirements

• Create a free Xero user account
• Login to your Xero developer dashboard and create an API application
• Copy the credentials from your API app and store them using a secure ENV variable strategy
• Decide the neccesary scopes for your app's functionality

Installation

To install this SDK in your project we recommend using Composer (For OSX we recommend using Homebrew).

All third party libraries dependencies managed with Composer and the SDK requires PHP 8.1 and later.

To install the bindings via Composer, and add the xero-php-oauth2 sdk to your composer.json and navigate to where your composer.json file is and run the command:

If no composer.json file exists, create one by running the following command. You'll need Composer installed.

Configure PHPStorm

We've received feedback that PHPStorm IDE default file size is too small to load the AccountingApi class.

"PHPStorm seems unable to resolve the XeroAPI\XeroPHP\Api\AccountingApi class. It just shows Undefined class 'AccountingApi' and therefore can't autocomplete any of the methods etc."

To fix this, add the following to the idea.properties file to increase this limit to 5000 kilobytes

idea.max.intellisense.filesize=5000

Instructions here for configuring PHPStorm platform properties on Mac/Windows/Linux

Laravel

Xero doesn't offer support on how to use of our SDKs in different frameworks, etc. We had a recommendation by Matt @hailwood in our developer community. They integrates xero-php-oauth2 and Laravel using the following package.

• https://github.com/webfox/laravel-xero-oauth2
• https://packagist.org/packages/webfox/laravel-xero-oauth2

Authentication

Below is starter code with the authorization flow. You can use the code below by creating 4 separate PHP files and securely replacing your CLIENT_ID, CLIENT_SECRET and __REDIRECT_URI__

All API requests go through Xero's OAuth2.0 gateway and require a valid access_token to be set on the client which appends the access_token JWT to the header of each request.

If you are making an API call for the first time the code below shows the auth flow using 4 separate PHP files and will work with these secure credentials replaced with your own:

• __CLIENT_ID__
• __CLIENT_SECRET__
• __REDIRECT_URI__

You can also see usage of the sdk in our sample app.

Important

The RedirectURI (ex. http://localhost:8888/pathToApp/callback.php) in your code needs to point to the callback.php file and match the RedirectURI you set when creating your Xero app.

1. Point your browser to authorization.php, you'll be redirected to Xero where you'll login and select a Xero org to authorize. We recommend the Demo Company org, since this code can modify data in the org you connect to.
2. Once complete, you'll be returned to your app to the redirect URI which should point to the callback.php.
3. In callback.php, you'll obtain an access token which we'll use in authorizedResource.php to create, read, update and delete information in the connected Xero org.

authorization.php

callback.php

authorizedResource.php

storage.php

Configuration

The storage.php is a simple recommendation. In your own app you should be securely persisting the token set data in relation to the user who has authenticated the Xero API connection. Each time you want to call the Xero API you will need to access the previously generated token set, initialize it on the SDK client, and refresh the access_token prior to making API calls.

Token Set

Custom Connections

Custom Connections are a Xero premium option used for building M2M integrations to a single organisation. A custom connection uses OAuth2.0's client_credentis grant which eliminates the step of exchanging the temporary code for a token set.

We also have a starter application for more code samples of this auth flow in PHP.

To use this SDK with a Custom Connections:

Because Custom Connections are only valid for a single organisation you don't need to pass the xero-tenant-id as the first parameter to every method, or more specifically for this SDK xeroTenantId can be an empty string.

App Store Subscriptions

If you are implementing subscriptions to participate in Xero's App Store you will need to setup App Store subscriptions endpoints.

When a plan is successfully purchased, the user is redirected back to the URL specified in the setup process. The Xero App Store appends the subscription Id to this URL so you can immediately determine what plan the user has subscribed to through the subscriptions API.

With your app credentials you can create a client via client_credentials grant_type with the marketplace.billing scope. This unique access_token will allow you to query any functions in appStoreApi. Client Credentials tokens to query app store endpoints will only work for apps that have completed the App Store on-boarding process.

You should use this subscription data to provision user access/permissions to your application.

App Store Subscription Webhooks

In additon to a subscription Id being passed through the URL, when a purchase or an upgrade takes place you will be notified via a webhook. You can then use the subscription Id in the webhook payload to query the AppStore endpoints and determine what plan the user purchased, upgraded, downgraded or cancelled.

Refer to Xero's documenation to learn more about setting up and receiving webhooks.

https://developer.xero.com/documentation/guides/webhooks/overview/

API Clients

You can access the different API sets and their available methods through the following API sets:

• AccountingApi
• AssetApi
• ProjectApi
• FilesApi
• PayrollAuApi
• PayrollNzApi
• PayrollUkApi
• AppStoreApi

Or for the Assets API:

Full method docs can be browsed here: https://xeroapi.github.io/xero-php-oauth2/docs/v2/accounting/index.html

SDK conventions

Accessing HTTP Headers

Every function has with it a more verbose WithHttpInfo option in case you need to build logic around any request headers.

For example:

• getInvoices -> getInvoicesWithHttpInfo
• getContacts -> getContactsWithHttpInfo

This will return an array of 3 elements from the HTTP request.

1. The object deserialized via the accounting object
2. The HTTP status code
3. The Response Headers

$apiResponse: {"Content-Type":["application\/json; charset=utf-8"],"Content-Length":["2116"],"Server":["nginx"],"Xero-Correlation-Id":["9a8fb7f7-e3e6-4f66-a170-88effabe9f4e"],"X-AppMinLimit-Remaining":["9997"],"X-MinLimit-Remaining":["57"],"X-DayLimit-Remaining":["4954"],"Expires":["Fri, 23 Jul 2021 17:32:31 GMT"],"Cache-Control":["max-age=0, no-cache, no-store"],"Pragma":["no-cache"],"Date":["Fri, 23 Jul 2021 17:32:31 GMT"],"Connection":["keep-alive"],"X-Client-TLS-ver":["tls1.3"]}

JWT decoding and Signup with Xero

Looking to implement Signup with Xero? We've added built in decoding and verification for both Access tokens and ID token in xero-php-oauth2.

Json Web Tokens (JWT) claims are pieces of information asserted about a subject.

The code below shows how to securely read claims about the access token (a user authentication) and abut the id token (a user's identity & profile).

Methods to access Dates in Accounting have changed since version 2.x

Both our Accounting and AU Payroll APIs use Microsoft .NET JSON format i.e. "\/Date(1439434356790)\/". Our other APIs use standard date formatting i.e. "2020-03-24T18:43:43.860852". Building our SDKs from OpenAPI specs with such different date formats has been challenging.

For this reason, we've decided dates in MS .NET JSON format will be strings with NO date or date-time format in our OpenAPI specs. This means developers wanting to use our OpenAPI specs with code generators won't run into deserialization issues trying to handle MS .NET JSON format dates.

The side effect is accounting and AU payroll models now have two getter methods. For example, getDateOfBirth() returns the string "\/Date(1439434356790)\/" while getDateOfBirthAsDate() return a standard date "2020-05-14". Since you can override methods in Java setDateOfBirth() can accept a String or a LocalDate.

Contributing

PRs, issues, and discussion are highly appreciated and encouraged. Note that the majority of this project is generated code based on Xero's OpenAPI specs - PR's will be evaluated and pre-merge will be incorporated into the root generation templates.

Versioning

We do our best to keep OS industry semver standards, but we can make mistakes! If something is not accurately reflected in a version's release notes please let the team know.

Participating in Xero’s developer community

This SDK is one of a number of SDK’s that the Xero Developer team builds and maintains. We are grateful for all the contributions that the community makes.

Here are a few things you should be aware of as a contributor:

• Xero has adopted the Contributor Covenant Code of Conduct, we expect all contributors in our community to adhere to it
• If you raise an issue then please make sure to fill out the github issue template, doing so helps us help you
• You’re welcome to raise PRs. As our SDKs are generated we may use your code in the core SDK build instead of merging your code
• We have a contribution guide for you to follow when contributing to this SDK
• Curious about how we generate our SDK’s? Have a read of our process and have a look at our OpenAPISpec
• This software is published under the MIT License

For questions that aren’t related to SDKs please refer to our developer support page.